Solved: Re: SEC_ERROR_BAD_SIGNATURE only in Firefox Vibe 4.0.6 - Micro Focus Community

landrich · ‎2019-04-15

Hallo,

now we bring our Vibe 4.0.6 to our Users, but we had an Problem with Firefox (66). We became the Error "SEC_ERROR_BAD_SIGNATURE. If we restart the vibe deamon, it work, but after an time x it don´t work anymore in Firefox, but in IE, Chrome and Edge all is fine.

We use our own certificates an these are in the windows certification store, in Firefox we insert an file, so that Firefox use the windows certification store as well, and it worked.

If you tell me, that I must install the Patch for vibe 4.0.6, so I must told you, that we can´t download them. For any reason, we can´t do this.

JongKim · ‎2019-11-28

Could someone having this problem please try the following and see if it makes difference?

1. Edit /opt/novell/teaming/jre/conf/security/java.security file and identify the following block of configuration.

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL

2. Append RSASSA-PSS to the setting. The resulting lines should look something like this.

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL, RSASSA-PSS

3. Restart Tomcat and give it a try.

I can't duplicate the reported issue in house, so rely on your help in trying out any ideas that may have merit.

Thanks.

View solution in original post

schleissheimer · ‎2019-04-15

Hi landrich,
had the same problem, try changing to only support TLSv1.2

/opt/novell/teaming/apache-tomcat/conf/server.xml:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Nio2Protocol" maxThreads="200" SSLEnabled="true" acceptCount="0" protocols="TLSv1.2">
   <SSLHostConfig SSLProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" protocols="TLSv1.2" ciphers="HIGH:!EXP:!aNULL:!MD5@STRENGTH">
      <Certificate certificateKeystoreFile="conf/.keystore" certificateKeystorePassword="XXX" certificateKeyAlias="tomcat" type="RSA"/>
   </SSLHostConfig>
</Connector>

cu Sven

landrich · ‎2019-04-16

Hi Sven,

if I look to my server.xml, I would say that all TLS-versions are supported by ouer Vibe

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Nio2Protocol" maxThreads="200" SSLEnabled="true" acceptCount="0">
        <SSLHostConfig sslProtocol="TLS" protocols="all" ciphers="HIGH:!3DES:!EXP:!aNULL:!MD5">
            <Certificate certificateKeystoreFile="conf/.keystore" certificateKeystorePassword="XXXXXXX" certificateKeyAlias="tomcat" type="RSA"/>

                    </SSLHostConfig>

            </Connector>

And If this is the problem, why do it work after reboot the vibe deamon, and at an time X it stop working only for Firefox, and only if you open an new session, whit an existing session with cash data from vibe the error doesn´t appeare.

but I will try it if the problem appears next time

landrich · ‎2019-04-16

I think I found the problem, it looks like the datasync is the Problem, for now In stopped the Vibe Connector, I we will see if the error came back or not.

I can´t understand, why Micro Focus doesn´t give us the possibility to sync our vibe and Groupwise calenders. It is possible to integrate vibe to Groubwise client, but not to sync calenders

imessenger · ‎2019-04-16

I was also seeing this for a little while after getting FireFox 66. It would work fine for half a day or so after restarting Vibe.
I have a public wildcard certificate that has worked for several years and still worked fine with Edge, Chrome, IE11, etc.
I fairly recently got an update to FireFox (66.0.3) and the problem went away.

imessenger · ‎2019-04-16

I have had reports that setting Vibe to only support TLS1.2 has caused issues with GroupWise integrations and the Desktop application. That is still being looked into.

imessenger · ‎2019-04-16

One note on the Patch 1, I had a few reports of people who could not see the patch on the download site. Clearing their Browser Cache and restarting the Browser seemed to solve that. Not sure why.

landrich · ‎2019-04-16

The problem is still there, I changed the server.xml like Sven sad I stopped the Vibe connector in Datasync and delete the application on vibe, but after hours of working, the error appeared again.

And we still use Firefox 66.0.3.

The big question is, why only in Firefox, and why only after several hours of working fine.

We installed our RootCA and our VibeCA to windows certificationstore, and in firefox we implemented under "C:\Program Files\Mozilla Firefox\defaults\pref" an trustwincerts.js with the code

/* Allows Firefox reading Windows certificates */    
pref("security.enterprise_roots.enabled", true);

so that firefox uses the windows certifikationstore but on PC´s without that .js the error also appears

But I can´t create an cronjob and start the vibedeamon evry hour, that can´t be the solution.

And the most of our users use firefox, there are only a handful users using Chrome, Edge or IE

@ imessager

at the Customer Center I can see that there is an Patch, but I can´t download, the is a Padlock, on if I try to download from the Link in the readme file, I became the message that I´m not authorized to download that file, so I can download Vibe 4.0.6 but not the Patch, I think after eastern I will contact Micro Focus why.

schleissheimer · ‎2019-07-24

Hello All,

I must refuse my fix to switch to TLS1.2.

Today I rebooted my vibe Server and Firefox got the BAD SIGNATURE error even with my "fix", Chrome was working fine. After that I restarted only the vibe service and firefox started to work again.

Also GroupWise integration is not working with my TLS 1.2...

Has anyone some more Ideas on this. We are using a wildcard certificate from GoDaddy.

cu SveN

landrich · ‎2019-08-26

Hi,

after month of working fine without the Datasync, now the probleme appears again, now we are using Firefox 68.0.2

Because we had no time for the probleme with the not working Patch 1-link, we still not have installed it yet.

I was on vacation and today it is my first day after, I only had an mail from my colleague, that he restart the Server after an update and restart the server, the error appears. I don´t know wich update because now my colleague is on vacation. also he informed me, thtat there are same PC, without the error, I think there will be an older Firefox installed. Chrome, IE and Edge work fine.

cesmad · ‎2019-10-14

We have this problem too, for months we have to manually restart vibe service again and again, 20 - 30 times a day.

It is frustrating!

Is there hope that this will be repaired?

Thank you

Michal Hradecky

mrosen · ‎2019-10-14

So, I have to ask this: Has any of you opened a SR on this?

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de

laurabuckley · ‎2019-10-23

Hi,

This is being investigated by engineering - BUG#1135920

Cheers,

Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...

mrosen · ‎2019-10-24

I'm not sure they're on the right track. We're facing this issue too, and here are some facts that the Bug doesn't match:

1 It certainly started with 4.06, not 4.05 like some comments in the bug are about. Any issues with 4.05 must IMHO be some different problem and may mislead people.

2. We're using a self-signed certificate, the same one we use for a long time. No digicert or any other third party CA in sight.

3. Straight certificate issues themself (like the idea that some intermediate is still SHA-1) of course would under no circumstance suddenly vanish with a reboot of the Vibe appliance. If browsers wouldn't trust any intermediate certificate, they would fail consistently.

4. We are absolutely not using any vibe office plugin, so that's not it either. Let me try to find out what we need to do to "break" it after restarting vibe....

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de

landrich · ‎2019-10-24

Here are our System maybe it´s helpfull.

- Vibe 4.0.6 (for now incl. Patch1) on an OES18 - Server

- Certifcate from our own OES-CA

- Root-CA and Vibe-Webserver-certificate in Windows-cert-store an in the Vibe-server-keystore

- Client Windows 10 Pro (1809 / 1903) and Windows 7 Pro

- Browser that dosn´t work is Firefox - IE an Chrome work fine and the certs must not be accepted because the are in the Windows-cert-store

- Firefox uses the Windows-cert-Store

- if vibe-service is restarted, vibe work in Firefox, after an time x it stop working in Firefox, but IE and Chrome work fine

- Vibe-keystore is upgrded to PKCs12 and the server reboot, but the problem is still the same

SEC_ERROR_BAD_SIGNATURE only in Firefox Vibe 4.0.6

Re: SEC_ERROR_BAD_SIGNATURE only in Firefox Vibe 4.0.6

Re: SEC_ERROR_BAD_SIGNATURE only in Firefox Vibe 4.0.6

Re: SEC_ERROR_BAD_SIGNATURE only in Firefox Vibe 4.0.6

Re: SEC_ERROR_BAD_SIGNATURE only in Firefox Vibe 4.0.6

Re: SEC_ERROR_BAD_SIGNATURE only in Firefox Vibe 4.0.6

Re: SEC_ERROR_BAD_SIGNATURE only in Firefox Vibe 4.0.6

Re: SEC_ERROR_BAD_SIGNATURE only in Firefox Vibe 4.0.6

Re: SEC_ERROR_BAD_SIGNATURE only in Firefox Vibe 4.0.6

Betreff: SEC_ERROR_BAD_SIGNATURE only in Firefox Vibe 4.0.6

Betreff: SEC_ERROR_BAD_SIGNATURE only in Firefox Vibe 4.0.6

Betreff: SEC_ERROR_BAD_SIGNATURE only in Firefox Vibe 4.0.6

Re: SEC_ERROR_BAD_SIGNATURE only in Firefox Vibe 4.0.6

Re: SEC_ERROR_BAD_SIGNATURE only in Firefox Vibe 4.0.6

Re: SEC_ERROR_BAD_SIGNATURE only in Firefox Vibe 4.0.6

Re: SEC_ERROR_BAD_SIGNATURE only in Firefox Vibe 4.0.6